
RPS919990119US1

[Fig. 1: drawing not reproduced; only reference numerals survive.]



[Fig. 2: diagram not reproduced. Labels recoverable from the drawing: CPU; Memory; Core Memory Controller/PCI Bridge; IDE Controller; Fixed Disk; Network Adapter; To Network; PCI Expansion Slots; PCI-ISA Bridge + Power Management; CMOS; SM Bus; ISA Expansion Slots; Power Supply; System Power; Aux 5; Vbat; Video Controller; Video Memory; Conn; Flash; I/O Controller; Interrupts; Floppy, Keyboard, Mouse; Keyboard; Floppy Drive; Mouse; Engine; Keys; Master Public Key; Master Private Key; Authentication Password; Application Keys.]






Fig. 3 (flowchart)

300: Start
302: Security subsystem creates a master key pair and stores the master key pair in protected storage
304: Administrator chooses an authentication code
306: Security subsystem securely stores the authentication code in protected storage
308: Stop



Fig. 5 (flowchart)

500: Start
502: Application requests authentication of a signature included in a virtual certificate
504: Security subsystem validates signature by reading master public key from protected storage
506: Security subsystem uses master public key to decrypt signature and determine whether the signature is authentic
508: Security subsystem responds to application regarding whether signature is authentic
510: Stop






Fig. 4 (flowchart)

400: Start
402: Administrator supplies target public key or causes the security subsystem to create a key pair
404: Security subsystem prompts for authentication code
406: Correct entry of authentication code in specified number of tries?
408: Administrator enters a certificate identifier
410: Security subsystem forms security data structure
412: Security subsystem creates a hash of security data structure, and encrypts hash value with master private key to create a signature
414: Security subsystem appends signature to security data structure to form a virtual certificate
416: Start



